ASA IPSec VPN issue


    kung
    Member
    #155218

    Hi all, my LANs can't ping each other. I have established a site-to-site IPsec VPN; can anyone find out why there is no reachability between the LANs?
    Thanks in advance. This is the scenario.

    LAN A


    ASA1


    ASA2


    LAN B

    ASA1


    ! Running configuration of ASA1 as posted: outside 10.1.1.1/22, inside 192.168.1.1/24,
    ! LAN-to-LAN IPsec tunnel towards peer 10.1.1.2 protecting 192.168.1.0/24 <-> 172.16.1.0/24.
    ASA Version 8.0(2)
    !
    hostname ASA1
    ! NOTE(review): this hash matches the widely published factory-default value, which would mean
    ! no enable password is set - confirm, and set one before the device carries real traffic.
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 10.1.1.1 255.255.252.0
    !
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    !
    ! NOTE(review): this login-password hash also matches the widely published factory default - confirm and change.
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    ! ACL 101 (bound inbound on outside below) permits only ICMP echo-reply addressed to the outside interface.
    access-list 101 extended permit icmp any interface outside echo-reply
    ! "vpn" is the crypto ACL (traffic to encrypt); "nat" is the NAT-exemption ACL. Both cover LAN A -> LAN B
    ! and mirror the ASA2 entries.
    access-list vpn extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    access-list nat extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    ! Any source may send ICMP to the ASA's own interfaces; on a production outside interface this is
    ! normally restricted to the ICMP types and sources actually needed.
    icmp permit any outside
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    ! PAT for inside hosts behind the outside interface address; "nat 0" exempts the tunnel traffic from it.
    global (outside) 1 interface
    nat (inside) 0 access-list nat
    nat (inside) 1 192.168.1.0 255.255.255.0
    access-group 101 in interface outside
    ! Static route to the remote LAN via the peer's outside address.
    route outside 172.16.1.0 255.255.255.0 10.1.1.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set leve_set esp-aes-256 esp-sha-hmac
    ! NOTE(review): crypto map name mismatch. The match address, peer and interface binding use
    ! "level_map", but the transform-set is attached to a different map, "leve_map". As written,
    ! level_map entry 10 (the one applied to outside) has no transform-set, so the entry is incomplete;
    ! this is the likely reason no traffic crosses the tunnel. The transform-set line should read
    ! "crypto map level_map 10 set transform-set leve_set" (and the stray leve_map entry be removed).
    crypto map level_map 10 match address vpn
    crypto map level_map 10 set peer 10.1.1.2
    crypto map level_map interface outside
    crypto map leve_map 10 set transform-set leve_set
    crypto isakmp enable outside
    ! Phase 1 policy: pre-shared key, AES-256, SHA-1, DH group 2 (1024-bit MODP), 24 h lifetime.
    ! NOTE(review): group 2 and SHA-1 are dated by current guidance; use the strongest options the
    ! software release supports on both peers.
    crypto isakmp policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    ! Fallback policy offering 3DES; a peer could negotiate down to it if policy 1 does not match.
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    !
    service-policy global_policy global
    ! L2L tunnel group keyed on the peer address; the key is masked in this output and must be
    ! identical on ASA2's tunnel-group for 10.1.1.1.
    tunnel-group 10.1.1.2 type ipsec-l2l
    tunnel-group 10.1.1.2 ipsec-attributes
    pre-shared-key *
    prompt hostname context
    Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
    : end

    ASA2



    ! Running configuration of ASA2 as posted: outside 10.1.1.2/22, inside 172.16.1.1/24,
    ! LAN-to-LAN IPsec tunnel towards peer 10.1.1.1 protecting 172.16.1.0/24 <-> 192.168.1.0/24.
    ASA Version 8.0(2)
    !
    hostname ASA2
    ! NOTE(review): same hash as on ASA1; it matches the widely published factory-default value,
    ! which would mean no enable password is set - confirm and set one.
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 10.1.1.2 255.255.252.0
    !
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 172.16.1.1 255.255.255.0
    !
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    !
    ! NOTE(review): this login-password hash also matches the widely published factory default - confirm and change.
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    ! ACL 101 (bound inbound on outside below) permits only ICMP echo-reply addressed to the outside interface.
    access-list 101 extended permit icmp any interface outside echo-reply
    ! Crypto ACL and NAT-exemption ACL for LAN B -> LAN A; source and destination mirror ASA1's entries.
    access-list vpn extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list nat extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    ! Any source may send ICMP to the ASA's own interfaces; normally restricted on a production outside interface.
    icmp permit any outside
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    ! PAT for inside hosts behind the outside interface address; "nat 0" exempts the tunnel traffic from it.
    global (outside) 1 interface
    nat (inside) 0 access-list nat
    nat (inside) 1 172.16.1.0 255.255.255.0
    access-group 101 in interface outside
    ! Static route to the remote LAN via the peer's outside address.
    route outside 192.168.1.0 255.255.255.0 10.1.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set leve_set esp-aes-256 esp-sha-hmac
    ! On this peer all four crypto map lines use the same name, "leve_map", so entry 10 has its
    ! match address, peer and transform-set and is bound to outside. Map names are local to each
    ! device; compare with ASA1, where the transform-set line names a different map than the rest.
    crypto map leve_map 10 match address vpn
    crypto map leve_map 10 set peer 10.1.1.1
    crypto map leve_map 10 set transform-set leve_set
    crypto map leve_map interface outside
    crypto isakmp enable outside
    ! Phase 1 policy: pre-shared key, AES-256, SHA-1, DH group 2 (1024-bit MODP), 24 h lifetime.
    ! NOTE(review): group 2 and SHA-1 are dated by current guidance; use the strongest options the
    ! software release supports on both peers.
    crypto isakmp policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    ! Fallback policy offering 3DES; a peer could negotiate down to it if policy 1 does not match.
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    ! NOTE(review): unlike ASA1, no class-map / policy-map / service-policy lines appear in this
    ! paste - either the inspection policy was removed or the output was trimmed; verify on the device.
    !
    !
    ! L2L tunnel group keyed on the peer address; the key is masked in this output and must be
    ! identical on ASA1's tunnel-group for 10.1.1.2.
    tunnel-group 10.1.1.1 type ipsec-l2l
    tunnel-group 10.1.1.1 ipsec-attributes
    pre-shared-key *
    prompt hostname context
    Cryptochecksum:00000000000000000000000000000000
    : end
